ivatar/templates/security.html
2025-08-23 15:35:36 +02:00

{% extends 'base.html' %}
{% load i18n %}
{% load static %}
{% load bootstrap4 %}
{% block title %}{% trans 'federated avatar hosting service' %}{% endblock %}
{% block content %}
<style media="screen">
.container, p {
font-size:16px;
}
</style>
<h4>Reporting security bugs</h4>
If you discover a security issue in ivatar, please report it to us privately so
that we can deploy a fix to the main service before the problem is disclosed
publicly. Unless you prefer otherwise, we will credit you publicly for the
discovery.
<p></p>
The best way to do that is to file a security bug on our
<a href="https://git.linux-kernel.at/oliver/ivatar/issues/new"
title="https://git.linux-kernel.at/oliver/ivatar/issues/new" target="_new">
bug tracker
</a>. Make sure you mark the issue as confidential (tick "This issue is
confidential and should only be visible to team members with at least Reporter
access") so that it is hidden from the public, and set the 'Security' label.
<p></p>
Alternatively, you can talk to us at
<a href="mailto:security@libravatar.org"
title="mailto:security@libravatar.org">
security@libravatar.org
</a>.
<br/>
We will do our best to respond to you within 24 to 48 hours.
<br/>
Please also let us know if you are under any kind of publication deadline.
<p></p>
<h4 style="margin-top: 2rem;">Security Hall of fame</h4>
We would like to thank the following people who have helped make
ivatar/Libravatar more secure by reporting security issues to us.
<ul>
<li>Ahmed Adel Abdelfattah (
<a href="https://twitter.com/00SystemError00"
title="https://twitter.com/00SystemError00" target="_new">@00SystemError00</a>):
suggested an improvement to the mail configuration on <code>libravatar.org</code> and
<code>libravatar.com</code></li>
<li>
<a href="https://www.facebook.com/BugHunterID"
title="https://www.facebook.com/BugHunterID" target="_new">
Putra Adhari</a>:
<a href="https://bugs.launchpad.net/libravatar/+bug/1808720"
title="https://bugs.launchpad.net/libravatar/+bug/1808720" target="_new">
server-side request forgery</a> in OpenID support</li>
<li>
<a href="https://www.linkedin.com/in/naharronak/"
title="https://www.linkedin.com/in/naharronak/" target="_new">
Ronak Nahar</a>:
Spotted and reported a publicly accessible Apache HTTPD server-status page (mod_status).</li>
<li>
<a href="https://daniel.priv.no/"
title="https://daniel.priv.no/" target="_new">
Daniel Aleksandersen</a>:
Spotted and reported an open redirect vulnerability, as described in
<a href="https://cwe.mitre.org/data/definitions/601.html"
title="https://cwe.mitre.org/data/definitions/601.html" target="_new">CWE-601</a>.</li>
<li>
MR_NETWORK &amp; Farzan ʷᵒⁿᵈᵉʳ:
Spotted a problematic use of the Django <code>SECRET_KEY</code> in the production environment. Many thanks for reporting it to us!</li>
<li>
<a href="https://x.com/capitan_alfa"
title="@capitan_alfa on X" target="_new">
Ezequiel Fernandez</a>:
Spotted publicly accessible secret keys on our test instance! We appreciate that he notified us privately about this issue!
</li>
</ul>
<div style="height:40px"></div>
{% endblock %}